The journey has been long and full of challenges, but the day has finally come. Linda’s organisation has decided to move to the cloud. As the sourcing, procurement and vendor management (SPVM) leader, it’s her duty to choose the right cloud solution and negotiate the best possible contract. But this is easier said than done.

Infrastructure as a service (IaaS) is the fastest growing cloud model worldwide. Gartner predicts that the cloud compute IaaS market, regarding end-user spending, will achieve a compound annual growth rate of 28.7 percent between 2017 and 2022.

Linda can choose one of the hyperscale providers such as Amazon Web Services (AWS), Microsoft Azure, Google or Alibaba. Or, she can opt for a more traditional vendor with large-scale cloud offerings such as IBM, DXC or Fujitsu. The selection process goes beyond assessing providers’ technology and functionality. Linda must develop a clear negotiation and risk mitigation strategy to avoid hidden and indirect costs, effectively determine potential risks, and negotiate favourable terms and conditions.

Below are three best practices that Linda and other SPVM leaders can use to successfully negotiate on a cloud solution.

Keep common mistakes top of mind

One big advantage of cloud services is that they enable users to buy services easily and directly. This is also a risk.

Nearly half of IT spending on the cloud is outside of the IT budget. That means the IT department, in a number of cases, is unaware of the spending and can’t apply practices and risk mitigation steps. In the era of the General Data Protection Regulation (GDPR) and other data compliance regulations, unsanctioned use of cloud services can be a serious threat to businesses.

SPVM leaders must keep these risks as well as others in mind before they choose a cloud provider. They should consider current and future security, compliance and regulatory requirements to ensure cloud IaaS does not pose a risk to the business.

Prepare your must-have list

A lot of organisations struggle to accept the standard terms and conditions of public cloud IaaS contracts. The most challenging factor is likely to be location, as deals across different geographies introduce risks such as varying contractual practices and unfamiliarity with local systems.

SVPM leaders have to assess their firm’s main areas of concern first and create a must-have list. The second step is to identify the associated terms and conditions in the IaaS agreements and see if they address concerns or need to be renegotiated.

For example, every contract should contain customised end-of-term agreements for moving data back in-house or to another provider. The standard termination notice is 30 days, which may be insufficient for significant amounts of data.

Consider hidden costs and total cost of ownership (TCO)

Cost reduction is one of the main drivers of public cloud IaaS adoption. In a recent Gartner survey, 50% of respondents considered cost savings as one of the primary reasons for moving to the cloud. However, the ROI is often not as obvious as expected and needs to be carefully analysed. Add-ons, data transfer, security, backups and many other small but necessary capabilities create a pile of hidden costs.

Having a good understanding of hidden costs is extremely important to create an accurate business case and estimate TCO. SVPM leaders should develop best, realistic and worst-case scenarios, and include historical data to verify whether or not the calculated future demand is what they think it is.